You use the bundled Tomcat or Jetty containers and use the same security-domain value in the ejbs as the web app and do nothing else.
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

----- Original Message -----
From: "Scheil, Sven" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 10, 2003 5:41 AM
Subject: [JBoss-user] How to use a principal from a webapp for securing ejb calls

> We have developed a multitier app (cmdline clients, webclients, ejb business
> layer and db layer). Running all on a jboss 3.0.3; the webclients are
> developed using struts 1.1; the complete application can be put in one ear
> file.
>
> The access to the webclients is controlled by a form-based authentication
> with a security-domain configured via login-config.xml:
>
> <application-policy name="GatewayRealm">
>     <authentication>
>         <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
>             <module-option name="dsJndiName">java:/CloudscapeDS</module-option>
>             <module-option name="principalsQuery">select PASSWORD from PERSON p where p.USERNAME=? and p.LOCKED=false</module-option>
>             <module-option name="rolesQuery">select r.ROLE,'Roles' from PERSON_ROLE_ROLE_PERSON_ROLE r, PERSON p where p.USERNAME=? AND p.PERSONNO=r.PERSON</module-option>
>         </login-module>
>     </authentication>
> </application-policy>
>
> This works all very well.
>
> Now we would like to use declarative Security for our EJBs (with the same
> realm). But we don't know how to use the principal (we have in each request
> of my webclients) to authenticate against the ejb container.
>
> Do we have to build our own Hashtable h with
>
> ...
> h.put(javax.naming.Context.SECURITY_PRINCIPAL, request.getUserPrincipal());
> ...
>
> ctx = new InitialContext(h);
>
> and save this ctx in a session attribute of my webclient to use for
> further lookups?
>
> If this is the way, we get into trouble with our implementation of the
> ServiceLocator pattern. Our ServiceLocator class is a Singleton and returns
> the home interfaces of our EJBs. The InitialContext is stored once in an
> instance variable.
>
> Could anyone give us a short description of the right way or send us a URL
> of an example app?
>
> Thank you
> Sven
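
The setup the reply describes, as an added example that is not part of the original thread: the web application and the EJB jar both name the security domain from the login-config.xml above, and the EJB permissions are then declared in ejb-jar.xml. The bean name OrderService, the method placeOrder and the role Customer are hypothetical; the role name has to match a value returned in the ROLE column of the rolesQuery.

```xml
<!-- WEB-INF/jboss-web.xml (web application): binds the form login to GatewayRealm -->
<jboss-web>
    <security-domain>java:/jaas/GatewayRealm</security-domain>
</jboss-web>

<!-- META-INF/jboss.xml (EJB jar): the same domain value as the web application -->
<jboss>
    <security-domain>java:/jaas/GatewayRealm</security-domain>
</jboss>

<!-- META-INF/ejb-jar.xml (EJB jar), assembly-descriptor fragment:
     declarative permissions checked against the propagated caller.
     OrderService, placeOrder and Customer are hypothetical names. -->
<assembly-descriptor>
    <security-role>
        <role-name>Customer</role-name>
    </security-role>
    <method-permission>
        <role-name>Customer</role-name>
        <method>
            <ejb-name>OrderService</ejb-name>
            <method-name>placeOrder</method-name>
        </method>
    </method-permission>
</assembly-descriptor>
```

With both descriptors pointing at the same domain, no SECURITY_PRINCIPAL entry is put into the InitialContext, so a singleton ServiceLocator that holds one default InitialContext does not end up caching one user's identity for every caller.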